Famous Ransomware Attacks in History
Written by: University of Tulsa • Jan 22, 2024
Ransomware attacks cost victims an estimated $30 billion in 2023, according to IBM. The high cost of ransomware goes beyond the ransom extorted by cyber attackers — it also includes the cost of disruptions caused by the attack.
The first ransomware attack dates back to 1989, long before cyber attackers launched the earliest email phishing scams. The most famous ransomware attacks in history demonstrate how these attacks evolved from a clunky floppy disk scam to complex double extortion attacks.
While frequent data backups may have protected ransomware victims in the past, today’s sophisticated attacks require cybersecurity experts to prevent and deter ransomware attacks.
What’s Ransomware?
Malicious software, also known as malware, can infect computers and networks — spying on users, disrupting operations, or stealing data. Ransomware is one of the most common types of malware. It locks the target’s data or device, holding it ransom unless the target pays off the cyber attacker.
Ransomware comes in several types. For example, encrypting ransomware encrypts files and data, extorting targets for an encryption key. This is the most common type of ransomware. However, ransomware can also lock an entire device and demand ransom to unlock it.
In recent years, cyber attackers have begun using leakware or doxware to steal data and threaten to publish it if targets don’t pay the ransom. Even when targets pay the ransom, cybercriminals sometimes leave their files encrypted or leak data.
A key feature of ransomware attacks is how the software is installed on or gains access to the target’s computer systems. The most common ransomware infection methods include the following:
- Phishing emails. Phishing email scams infect systems when users download malware in email attachments or links. According to IBM’s Cyber Resilient Organization Study 2021, a total of 45% of ransomware attacks used phishing.
- System or software vulnerabilities. Unpatched vulnerabilities in operating systems or software can leave users open to a ransomware attack. The threat of zero-day vulnerabilities, which are unknown or not yet patched, is particularly high.
- Credential theft. Cyber attackers can steal or hack the credentials of authorized users to access computers and networks. Then, they can infect systems with malware.
Today, fewer victims of ransomware attacks pay the ransom. In the first quarter of 2019, a total of 85% of victims paid the ransom demand, according to cyber extortion incident response firm Coveware. By the fourth quarter of 2022, that percentage dropped to just 37%, signaling a significant change in approaches.
Instead of paying ransoms, potential targets invest in cyber crime preparedness to counter the threat of ransomware, underscoring the importance of cybersecurity for organizations.
7 Famous Ransomware Attacks
The most famous ransomware attacks in history have targeted individuals, private businesses, government agencies, and critical infrastructure. Some attacks never made headlines, as victims attempted to conceal successful breaches. Others made headlines around the world and changed how cybersecurity professionals operate.
IBM’s 2023 X-Force Threat Intelligence Index reported a decline in ransomware as a share of cybersecurity incidents, dropping by 4% from 2021 to 2022. This decline came because targets learned from past attacks and implemented new cybersecurity protocols to detect and prevent attacks.
AIDS Trojan (1989)
The first ransomware attack in history dates back to 1989, long before cyber attackers used the internet to spread malware. The AIDS Trojan, also known as PC Cyborg, used floppy disks to target the subscriber list of a World Health Organization AIDS conference. When victims accessed the floppy disk, it released encryption malware onto their computers.
The attacker then demanded $189-$378 to release the encrypted files. While the first ransomware attack had a limited economic impact, it warned computer users of the dangers of malware.
Colonial Pipeline (2021)
In 2021, a ransomware attack targeted Colonial Pipeline, a company with the largest refined products pipeline in the U.S., supplying 45% of East Coast fuel. In the wake of the attack, the company shut down the pipeline for nearly a week, causing gas shortages and leading to a state of emergency in 17 states.
By targeting critical infrastructure, the ransomware attack caused major disruptions. As one of the highest-profile attacks in history, it also warned Americans of the threat posed by ransomware.
CryptoLocker (2013)
The CryptoLocker ransomware attacks ushered in the modern era of ransomware. From 2013 to 2014, the malware extorted $3 million from victims.
Cyber attackers targeted victims through a phishing scam, infecting computers through email attachments that contained malware. Once activated, the malware encrypted files and demanded a ransom. The CryptoLocker attack was one of the first to demand bitcoin for its ransom. Today, many attacks demand cryptocurrency to pay ransoms.
British Library (2023)
In October 2023, a cyber attack took down the British Library website, which remained down months later. Attackers stole personal data and threatened to sell it online, a tactic known as double extortion. Because the attackers both encrypted and stole data, targets faced additional pressure to pay the ransom.
The group behind the attack, Rhysida, has also attacked a U.S. hospital group and government institutions in Portugal, Chile, and Kuwait.
WannaCry (2017)
While previous ransomware attacks infected devices one by one, the 2017 WannaCry attack could spread through networks. Known as a cryptoworm, this ransomware infected more than 200,000 computers around the world.
The attack exploited a vulnerability in Windows that Microsoft had already identified and patched. However, many users hadn’t updated their systems, leaving their computers vulnerable to cyber attacks. One of the costliest and most famous ransomware attacks in history, WannaCry cost an estimated $4 billion.
Costa Rican Government (2022)
In 2022, a ransomware attack targeted the government of Costa Rica. In response, the country declared a state of emergency. The attackers demanded a $20 million ransom and threatened, “We are determined to overthrow the government by means of a cyberattack, we have already shown you all the strength and power.”
The extortion attack signaled to governments around the world that ransomware could pose a major national security threat.
REvil (2019)
REvil (short for Ransomware Evil and also known as Sodinokibi) emerged in 2019 and netted millions using a new ransomware-as-a-service (RaaS) model. Instead of orchestrating attacks directly, the developers distributed the ransomware to cyber attackers for a percentage of the profits.
In 2021, REvil targeted a remote network management company, infecting over a thousand business networks around the world.
Prevent Ransomware Attacks With a Master’s Degree in Cybersecurity
As cybercriminals continue to search for vulnerabilities and develop novel ways to exploit victims, including RaaS and double extortion, cybersecurity professionals must stay one step ahead. Detecting and preventing cyber attacks goes beyond protecting private data — it’s also a national security issue. The online Master of Science in Cyber Security at The University of Tulsa prepares graduates for leading roles in cybersecurity.
Learn how to design security systems, protect digital assets, and lead teams of cybersecurity professionals. With your master’s degree, you’ll qualify for roles such as cybersecurity analyst, information security engineer, or cybersecurity manager.
Sources:
Axios, “Colonial Pipeline Ransomware Attack’s Unexpected Legacy”
Coveware, “Improved Security and Backups Result in Record Low Number of Ransomware Payments”
CSO, “REvil Ransomware Explained: A Widespread Extortion Operation”
CSO, “WannaCry Explained: A Perfect Ransomware Storm”
IBM, “Costa Rica State of Emergency Declared After Ransomware Attacks”
SDxCentral, “Case Study: AIDS Trojan Ransomware”
The Guardian, “Cryptolocker: What You Need to Know”
The Guardian, “Rhysida, The New Ransomware Gang Behind British Library Cyber-Attack”